IdentitiesOnly and PKCS

Aaron Jones me at aaronmdjones.net
Wed Dec 1 10:50:47 AEDT 2021


I use private keys in a smartcard (OpenPGP in my case, via
gpg-agent(1)'s SSH socket).

If you pass IdentityFile=/path/to/public-key, it will use it when
IdentitiesOnly=yes. In short, IdentitiesOnly=yes instructs ssh(1) to
*only* use the IdentityFile given to it explicitly. When the private key
is not on disk, you have to give it the *public* key instead to
accomplish this.

If it did in the past automatically fetch keys from an agent without you
having to give one to an IdentityFile, that seems like a bug, and it
being fixed probably explains the "regression" you're seeing.
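
The setup described above, as an added example that is not part of the original post: a shell function that reads `ssh-add -L` output, saves the one public key whose comment matches, and prints a `Host` block that pins it with `IdentitiesOnly yes`. The function name, host alias, `cardno:` comments and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Pins one agent-held key,
# e.g. a smartcard key exposed through gpg-agent's SSH socket, for a host.
#
# Usage (host alias and paths are hypothetical):
#   ssh-add -L | pin_agent_key 'cardno:000000000001' bastion ~/.ssh >> ~/.ssh/config

# Constructed sample of `ssh-add -L` output: one "type blob comment" line
# per key. The blobs are placeholders, not real keys.
SAMPLE_AGENT_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOne cardno:000000000001
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyTwo laptop software key'

# pin_agent_key COMMENT HOST OUTDIR   (agent key list on stdin)
# Writes OUTDIR/HOST.pub and prints an ssh_config block on stdout.
pin_agent_key() {
    want=$1; host=$2; outdir=$3
    pub="$outdir/$host.pub"

    # The comment is everything after the key type and the base64 blob.
    # Refuse to continue unless exactly one key carries the wanted comment,
    # so an ambiguous or missing key never ends up pinned.
    line=$(awk -v want="$want" '
        { c = $0; sub(/^[^ ]+ +[^ ]+ +/, "", c) }
        c == want { hit = $0; n++ }
        END { if (n == 1) print hit; exit (n == 1 ? 0 : 1) }
    ') || {
        echo "pin_agent_key: need exactly one agent key with comment '$want'" >&2
        return 1
    }

    # Only the *public* half is stored on disk; the private key stays on
    # the card and ssh(1) asks the agent to sign with it.
    printf '%s\n' "$line" > "$pub"

    # IdentityFile names the public key; IdentitiesOnly stops ssh(1) from
    # offering any other identity the agent holds.
    printf 'Host %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$host" "$pub"
}
```

`ssh -v` against the host then shows which identity is offered, which is a quick way to confirm that only the pinned key is tried.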
